Question

Write a research project on Biometrics Authentication. What are the security challenges and privacy implications. What are the technologies used for biometrics authentication?

Answer 1

Biometric Authentication, its security challenges and privacy implications, and the technologies used for biometric authentication:
Biometric authentication is one of the processes or ways of identifying, verifying, controlling access, and then realistically authenticating users to unlock, unblock, login, and access the systems, services, applications, devices, etc to which they are authorized to, using biometric parameters or factors such as, palm prints, fingerprints, voiceprints, DNA, retina scan, odor/scent, palm veins, face recognition, iris recognition, etc.

Biometric authentication technology is an emerging and booming one. Its applications are in security, software, IT, law enforcement, defense, health sector (hospitals), education, finance, banking, legal, entertainment, etc. fields, industries, or sectors. It is especially, used in surveillance to identify individuals amongst groups, people, or crowd.

On the other hand, from the abstract form perspective, unique behavioral characteristics of a person such as the pattern of behavior, and actions of an individual, such as his/her typing rhythm, gait, style, gestures, facial expressions, voice, etc., are considered biometric authentication factors. Hence, it requires a biological input scanning and analyzing the same, to be verified for the user to be authenticated to access something upon predefined permissions, privileges, authorization, and appropriate access control policies per his/her role.

Hence, it basically, depends on unique biological characteristics of an individual for him/her to access something been authorized to, thus verifying his identity, proving he/she is who he/she, respectively, claims to be.

As the name suggests, biometrics is a technical term, where "bio" is related to one's body and "metrics" refers to its and other human characteristics' measurements and calculations.

This biometric authentication is effective, unique, high level, and more secure than other old authentication mechanisms, and provides convenience to the users being authenticated and also the people or entities authenticating them.

The technologies used for biometric authentication are IT infrastructure such as computers, servers, biometric sensors for identity technology, high definition cameras and other systems for facial recognition, or microphones for voice capture/recording or speaker recognition technology, hand and finger geometry scanner, vein geometry scanner, eye scanners, especially iris scanners, fingerprint scanners such as optical, capacitive, and ultrasound, all the captured and analyzed data are stored in databases, and servers to process them, either on-premise data centers or on cloud.

It does come with serious privacy concerns of its own and also has security challenges. There is an absence of legal and regulatory requirements which is a challenge in the implementation of the proposed biometric solution, specifically with respect to biometrics implementation into smart cards. There is a security concern of saving, storing, or safeguarding, using, processing, and transferring biometric credentials and details.

Also, another security concern is of false negatives and false positives mistakes, and human and system errors. Also, virtually and physically, biometric credentials could be replicated or copied, stolen by hackers from the servers or storages, and also directly from users. Biometric credentials are difficult to keep them secret or hidden, and any and all stolen biometrics are hard to be revoked, modified, or changed.

Many users have privacy concerns of governments, systems, enterprises using their biometric credentials as, they are simply considered as one's personal data per Personally Identifiable Information (PII) policies and laws, and they do not want the details to provide and those shared with someone. Hackers hacking people's biometric credentials will affect severely in the users’ lives and privacy in a negative way, hurting, harming and bringing them all kinds of damages, loss, and even their death. The surveillance systems using biometric authentication and monitoring itself would ruin peoples' privacy.